In a time not long ago it was common to see a business person with two phones sitting on the table when they went to lunch. One phone was their personal and one phone was their business (usually a blackberry). But this recently began to change as more and more people began moving to their own smartphones, and with that change came a call from the masses to allow for BYOD (Bring Your Own Device). Obviously, this has been causing a great deal of turmoil for IT organizations as they try to balance between allowing for BYOD and enforcing their stringent data privacy and access policies.
Many IT organizations have now tackled the BYOD issue and I’ve seen an emergence of a few key directions that they are taking:
- Open BYOD – Allowing access for devices owned by employees with written policies and security, but no device management.
- Company Administered BYOD– Allowing full access for devices owned by employees with policies set as to how those employees access data and giving the company rights to administer the device (e.g., wipe, blacklist, etc.)
- Company Pay – Only allowing company owned and distributed devices access to internal systems and disallowing any BYOD capabilities.
- Stipend Based – Providing employees with a monthly stipend to purchase a device and then access company data using that device.
Each of these policies has its pros and cons, but the stipend based approach is one that is really both interesting and causing quite a bit of consternation. Take, for example, a friend of mine who just joined a very large company in a marketing function. She lives by her iPhone and has fully embraced the BYOD trend and was very happy when her new employer offered a stipend based program that would not require her to have two phones. However, when she was informed that the stipend based policy would entail her phone becoming falling under a company administered BYOD policy, she quickly began having second thoughts. Many employees want to use their own phone, but don’t want to give up the privacy of deciding what apps they can have, or give over their rights when it comes to wiping their phone clean.
This is the dilemma faced by IT organizations as they roll out BYOD capabilities and of employees as they look to embrace them and it is bringing back the two phone trend in a time when many are looking for a convergence between technologies.
As we move further and further into the BYOD space, it is up to IT divisions to not only educate their employees on how the policies work, but to also make those policies work for the employees. For many years, IT has worked under the assumption that they own the technology and have control over the technology, but with this shift to user owned devices, that mantra can no longer be held as an absolute. I believe education and compromise are the keys here. IT still needs to be stringent in holding tight to security of data and access, but also needs to understand that making something so obtrusive into the personal space of employees will not only cost IT money (e.g., people will simply stick with the Company pay model), but will also continue to drive a wedge between IT and the rest of the company as IT being seen as a necessary evil rather than an enabler.
The best way to cope with this is to ensure that your employees not only understand your BYOD policies, and the affect it has on their privacy, but that they also understand the need for these policies. Often, this will require much more than simply posting to policy on an internal website. It will require IT to do a bit of marketing promoting the benefits of the policies and BYOD itself and showing employees that IT is giving them a great service (e.g., allowing access to secure company data via a mobile device) and asking, in return, for employees to understand the requirements behind receiving that extended service.
When IT can find a way to balance security with promotion, they will often find a willing audience that will embrace their technology and move to a single phone model that benefits both the company and the employees.